Skip to content

(Round Table) Shadow IT Risks And Controls : Managing The Unknown Unknowns In Deep & Dark Web

round table ciso

We were happy to participate in a community round table organized by CISO Platform

Key Discussion Points : 

  • What is Shadow IT?
  • What are the types of Shadow IT?
  • Practical demo using open source tools
  • Controls to manage shadow IT risk

Reason Of Risk : 

  • No standardization
  • Unknown risks
  • Security breaches
  • Data leaks

Types Of Risks :

  • Third party email service
  • Third party applications – whatspp, box
  • Unknown assets
  • Custom applications / individual built applications / scripts
  • Database
  • Cloud Buckets, S3
  • Github ..online code repository
  • Online Free tools / SaaS
  • API
  • Owner change of assets (person has left)
  • Data in non electronical/ Physical forms
  • Shadow accounts/privileges
  • Shared / Leaked / Default / Weak / Written down passwords
  • Backdoors
  • IoT
  • Rogue devices
  • BYOD
  • CCTV – source and data destination; set-top box
  • 3rd party
  • 4th party
  • Supply chain

(PPT) Presentation from the discussion :